WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/18/2009 03:11:07 PM (12 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/l10n.php

    r11281 r11380  
    121121
    122122/**
     123 * Retrieves the translation of $text and escapes it for safe use in HTML output.
     124 * If there is no translation, or the domain isn't loaded the original text is returned.
     125 *
     126 * @see translate() An alias of translate()
     127 * @see esc_html()
     128 * @since 2.8.0
     129 *
     130 * @param string $text Text to translate
     131 * @param string $domain Optional. Domain to retrieve the translated text
     132 * @return string Translated text
     133 */
     134function esc_html__( $text, $domain = 'default' ) {
     135    return esc_html( translate( $text, $domain ) );
     136}
     137
     138/**
    123139 * Displays the returned translated text from translate().
    124140 *
     
    145161function esc_attr_e( $text, $domain = 'default' ) {
    146162    echo esc_attr( translate( $text, $domain ) );
     163}
     164
     165/**
     166 * Displays translated text that has been escaped for safe use in HTML output.
     167 *
     168 * @see translate() Echoes returned translate() string
     169 * @see esc_html()
     170 * @since 2.8.0
     171 *
     172 * @param string $text Text to translate
     173 * @param string $domain Optional. Domain to retrieve the translated text
     174 */
     175function esc_html_e( $text, $domain = 'default' ) {
     176    echo esc_html( translate( $text, $domain ) );
    147177}
    148178
Note: See TracChangeset for help on using the changeset viewer.